name: Validate Nginx Configuration with WAF Rules

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

jobs:
  validate-nginx-configuration:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Download WAF rules
      run: |
        wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
        echo "Downloaded nginx_waf.zip"
        ls -lh nginx_waf.zip

    - name: Extract WAF rules
      run: |
        unzip nginx_waf.zip -d waf_rules
        echo "Extracted WAF rules into waf_rules directory"
        ls -lh waf_rules/waf_patterns/nginx/

    - name: Verify WAF rules extraction
      run: |
        if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
          echo "Error: WAF rules directory not found after extraction!"
          exit 1
        fi
        if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
          echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
          echo "Contents of waf_rules/waf_patterns/nginx/:"
          ls -l waf_rules/waf_patterns/nginx/
          exit 1
        fi

    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: "3.9"

    - name: Install crossplane
      run: |
        python -m pip install --upgrade pip
        pip install crossplane

    - name: Validate individual WAF rule files
      run: |
        for file in waf_rules/waf_patterns/nginx/*.conf; do
          echo "Validating $file..."
          # Use crossplane to parse and validate the file
          if ! crossplane parse "$file" > /dev/null; then
            echo "Error: Validation failed for $file"
            crossplane parse "$file"  # Print detailed error
            exit 1
          fi
          echo "Validation successful for $file"
        done

    - name: Merge all WAF rules into a single file
      run: |
        echo "Merging all WAF rules into a single file..."
        echo "http {" > merged_waf_rules.conf
        for file in waf_rules/waf_patterns/nginx/*.conf; do
          echo "Merging $file..."
          cat "$file" >> merged_waf_rules.conf
          echo "" >> merged_waf_rules.conf
        done
        echo "}" >> merged_waf_rules.conf

        echo "Contents of merged_waf_rules.conf:"
        cat merged_waf_rules.conf

    - name: Validate merged WAF rules
      run: |
        echo "Validating merged WAF rules..."
        # Use crossplane to parse and validate the merged file
        if ! crossplane parse merged_waf_rules.conf > /dev/null; then
          echo "Error: Validation failed for merged_waf_rules.conf"
          crossplane parse merged_waf_rules.conf  # Print detailed error
          exit 1
        fi
        echo "Validation successful for merged_waf_rules.conf"